1 // Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <openssl/dh.h>
16 
17 #include <openssl/bn.h>
18 #include <openssl/err.h>
19 #include <openssl/mem.h>
20 
21 #include "../fipsmodule/bn/internal.h"
22 #include "../fipsmodule/dh/internal.h"
23 
24 
// get_params loads the |num_words| words at |words| into a BIGNUM and returns
// it. When |ret| is non-NULL it is used as the destination; otherwise a fresh
// BIGNUM is allocated and ownership passes to the caller. NULL is returned if
// the allocation or |bn_set_words| fails. A caller-supplied |ret| is never
// freed here, only a BIGNUM this function allocated itself.
static BIGNUM *get_params(BIGNUM *ret, const BN_ULONG *words,
                          size_t num_words) {
  // |owned| is non-NULL only when this call had to allocate the destination.
  BIGNUM *owned = (ret == NULL) ? BN_new() : NULL;
  BIGNUM *out = (ret != NULL) ? ret : owned;
  if (out == NULL) {
    return NULL;
  }

  if (bn_set_words(out, words, num_words)) {
    return out;
  }

  // BN_free(NULL) is a no-op, so this leaves a caller-owned |ret| untouched.
  BN_free(owned);
  return NULL;
}
43 
// BN_get_rfc3526_prime_1536 returns the 1536-bit MODP prime of RFC 3526
// (group 5). The value is written to |ret| when it is non-NULL; otherwise a
// new BIGNUM is allocated that the caller must release with |BN_free|. NULL is
// returned on failure.
//
// |kWords| holds 24 |TOBN| entries, least-significant first: read from the end
// backwards they spell the RFC's hexadecimal value, which begins
// FFFFFFFF FFFFFFFF C90FDAA2 2168C234. The table is a fixed public constant;
// after any edit, re-check it against the RFC text, because nothing in this
// function validates the modulus.
//
// NOTE(review): 1536 bits is below the 2048-bit floor in current guidance
// (e.g. NIST SP 800-131A); presumably kept for compatibility -- confirm before
// relying on it in new protocols.
BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret) {
  static const BN_ULONG kWords[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0xf1746c08, 0xca237327),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The element count is derived from the array itself, so table and length
  // cannot drift apart.
  return get_params(ret, kWords, OPENSSL_ARRAY_SIZE(kWords));
}
61 
// BN_get_rfc3526_prime_2048 returns the 2048-bit MODP prime of RFC 3526
// (group 14). The value is written to |ret| when it is non-NULL; otherwise a
// new BIGNUM is allocated that the caller must release with |BN_free|. NULL is
// returned on failure.
//
// |kWords| holds 32 |TOBN| entries, least-significant first: read from the end
// backwards they spell the RFC's hexadecimal value, which begins
// FFFFFFFF FFFFFFFF C90FDAA2 2168C234. The table is a fixed public constant;
// after any edit, re-check it against the RFC text, because nothing in this
// function validates the modulus.
BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *ret) {
  static const BN_ULONG kWords[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x15728e5a, 0x8aacaa68),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The element count is derived from the array itself, so table and length
  // cannot drift apart.
  return get_params(ret, kWords, OPENSSL_ARRAY_SIZE(kWords));
}
83 
// BN_get_rfc3526_prime_3072 returns the 3072-bit MODP prime of RFC 3526
// (group 15). The value is written to |ret| when it is non-NULL; otherwise a
// new BIGNUM is allocated that the caller must release with |BN_free|. NULL is
// returned on failure.
//
// |kWords| holds 48 |TOBN| entries, least-significant first: read from the end
// backwards they spell the RFC's hexadecimal value, which begins
// FFFFFFFF FFFFFFFF C90FDAA2 2168C234. The table is a fixed public constant;
// after any edit, re-check it against the RFC text, because nothing in this
// function validates the modulus.
BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *ret) {
  static const BN_ULONG kWords[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x4b82d120, 0xa93ad2ca),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The element count is derived from the array itself, so table and length
  // cannot drift apart.
  return get_params(ret, kWords, OPENSSL_ARRAY_SIZE(kWords));
}
113 
// BN_get_rfc3526_prime_4096 returns the 4096-bit MODP prime of RFC 3526
// (group 16). The value is written to |ret| when it is non-NULL; otherwise a
// new BIGNUM is allocated that the caller must release with |BN_free|. NULL is
// returned on failure.
//
// |kWords| holds 64 |TOBN| entries, least-significant first: read from the end
// backwards they spell the RFC's hexadecimal value, which begins
// FFFFFFFF FFFFFFFF C90FDAA2 2168C234. The table is a fixed public constant;
// after any edit, re-check it against the RFC text, because nothing in this
// function validates the modulus.
BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *ret) {
  static const BN_ULONG kWords[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x4df435c9, 0x34063199),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The element count is derived from the array itself, so table and length
  // cannot drift apart.
  return get_params(ret, kWords, OPENSSL_ARRAY_SIZE(kWords));
}
151 
// BN_get_rfc3526_prime_6144 returns the 6144-bit MODP prime of RFC 3526
// (group 17). The value is written to |ret| when it is non-NULL; otherwise a
// new BIGNUM is allocated that the caller must release with |BN_free|. NULL is
// returned on failure.
//
// |kWords| holds 96 |TOBN| entries, least-significant first: read from the end
// backwards they spell the RFC's hexadecimal value, which begins
// FFFFFFFF FFFFFFFF C90FDAA2 2168C234. The table is a fixed public constant;
// after any edit, re-check it against the RFC text, because nothing in this
// function validates the modulus.
BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *ret) {
  static const BN_ULONG kWords[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0xe694f91e, 0x6dcc4024),
      TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee),
      TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632),
      TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0),
      TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328),
      TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8),
      TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5),
      TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3),
      TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82),
      TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03),
      TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf),
      TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b),
      TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed),
      TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831),
      TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e),
      TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de),
      TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The element count is derived from the array itself, so table and length
  // cannot drift apart.
  return get_params(ret, kWords, OPENSSL_ARRAY_SIZE(kWords));
}
205 
// BN_get_rfc3526_prime_8192 returns the 8192-bit MODP prime of RFC 3526
// (group 18). The value is written to |ret| when it is non-NULL; otherwise a
// new BIGNUM is allocated that the caller must release with |BN_free|. NULL is
// returned on failure.
//
// |kWords| holds 128 |TOBN| entries, least-significant first: read from the
// end backwards they spell the RFC's hexadecimal value, which begins
// FFFFFFFF FFFFFFFF C90FDAA2 2168C234. The table is a fixed public constant;
// after any edit, re-check it against the RFC text, because nothing in this
// function validates the modulus.
BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *ret) {
  static const BN_ULONG kWords[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x60c980dd, 0x98edd3df),
      TOBN(0xc81f56e8, 0x80b96e71), TOBN(0x9e3050e2, 0x765694df),
      TOBN(0x9558e447, 0x5677e9aa), TOBN(0xc9190da6, 0xfc026e47),
      TOBN(0x889a002e, 0xd5ee382b), TOBN(0x4009438b, 0x481c6cd7),
      TOBN(0x359046f4, 0xeb879f92), TOBN(0xfaf36bc3, 0x1ecfa268),
      TOBN(0xb1d510bd, 0x7ee74d73), TOBN(0xf9ab4819, 0x5ded7ea1),
      TOBN(0x64f31cc5, 0x0846851d), TOBN(0x4597e899, 0xa0255dc1),
      TOBN(0xdf310ee0, 0x74ab6a36), TOBN(0x6d2a13f8, 0x3f44f82d),
      TOBN(0x062b3cf5, 0xb3a278a6), TOBN(0x79683303, 0xed5bdd3a),
      TOBN(0xfa9d4b7f, 0xa2c087e8), TOBN(0x4bcbc886, 0x2f8385dd),
      TOBN(0x3473fc64, 0x6cea306b), TOBN(0x13eb57a8, 0x1a23f0c7),
      TOBN(0x22222e04, 0xa4037c07), TOBN(0xe3fdb8be, 0xfc848ad9),
      TOBN(0x238f16cb, 0xe39d652d), TOBN(0x3423b474, 0x2bf1c978),
      TOBN(0x3aab639c, 0x5ae4f568), TOBN(0x2576f693, 0x6ba42466),
      TOBN(0x741fa7bf, 0x8afc47ed), TOBN(0x3bc832b6, 0x8d9dd300),
      TOBN(0xd8bec4d0, 0x73b931ba), TOBN(0x38777cb6, 0xa932df8c),
      TOBN(0x74a3926f, 0x12fee5e4), TOBN(0xe694f91e, 0x6dbe1159),
      TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee),
      TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632),
      TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0),
      TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328),
      TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8),
      TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5),
      TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3),
      TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82),
      TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03),
      TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf),
      TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b),
      TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed),
      TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831),
      TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e),
      TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de),
      TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The element count is derived from the array itself, so table and length
  // cannot drift apart.
  return get_params(ret, kWords, OPENSSL_ARRAY_SIZE(kWords));
}
275 
// DH_generate_parameters_ex generates a |prime_bits|-bit safe prime into
// |dh->p| and stores |generator| in |dh->g|, allocating either BIGNUM if it is
// still NULL. |cb| is forwarded to the prime search and is called once more,
// with event 3, after the prime has been found. Returns one on success and
// zero on error, with an error pushed to the queue.
//
// Background, as recorded by the original author: with a safe prime
// p = 2*q + 1 the only factors of p-1 are 2 and q, so g is a generator iff
// g^2 mod p != 1 and g^q mod p != 1. There is also a shortcut for small
// generators, which is the method used here:
//   for 2, p mod 24 == 11
//   for 3, p mod 12 == 5  (does not work for safe primes)
//   for 5, p mod 10 == 3 or 7
// Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the special
// generators. Because both p and q must be prime, this function can take a
// very long time to run.
//
// There is no need for |generator| to generate the whole group; a generator
// of the order-q subgroup is just as acceptable, and in some sense better.
//
// NOTE(review): p == 11 (mod 24) implies p == 3 (mod 8), which makes 2 a
// quadratic non-residue, and p == 3 (mod 10) does the same for 5. In both
// special cases g therefore generates the full order-2q group, so a public
// value g^x reveals the parity of x. Confirm that callers of these parameters
// accept that, given the remark above that the order-q subgroup is preferable.
int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator,
                              BN_GENCB *cb) {
  // Note that a non-positive size is reported with the same error code as an
  // oversized one.
  const bool size_ok =
      prime_bits > 0 && prime_bits <= OPENSSL_DH_MAX_MODULUS_BITS;
  if (!size_ok) {
    OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
    return 0;
  }

  // Create the output BIGNUMs on demand; existing ones are reused.
  if (dh->p == NULL && (dh->p = BN_new()) == NULL) {
    OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
    return 0;
  }
  if (dh->g == NULL && (dh->g = BN_new()) == NULL) {
    OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
    return 0;
  }

  if (generator <= 1) {
    OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
    return 0;
  }

  // The prime is searched subject to p mod |modulus| == |residue|.
  BN_ULONG modulus, residue;
  switch (generator) {
    case DH_GENERATOR_2:
      modulus = 24;
      residue = 11;
      break;
    case DH_GENERATOR_5:
      modulus = 10;
      residue = 3;
      break;
    default:
      // In the general case it does not matter whether |generator| really is
      // a generator: with a safe prime it yields an order-q or an order-2q
      // group, and both are OK. Only oddness of p is requested.
      modulus = 2;
      residue = 1;
      break;
  }
  // Every branch of the original selected g equal to |generator|.
  const BN_ULONG g_word = static_cast<BN_ULONG>(generator);

  bssl::UniquePtr<BIGNUM> modulus_bn(BN_new());
  bssl::UniquePtr<BIGNUM> residue_bn(BN_new());

  // Each step runs only if all earlier ones succeeded.
  bool ok = modulus_bn != nullptr && residue_bn != nullptr;
  ok = ok && BN_set_word(modulus_bn.get(), modulus);
  ok = ok && BN_set_word(residue_bn.get(), residue);
  ok = ok && BN_generate_prime_ex(dh->p, prime_bits, 1, modulus_bn.get(),
                                  residue_bn.get(), cb);
  ok = ok && BN_GENCB_call(cb, 3, 0);
  ok = ok && BN_set_word(dh->g, g_word);
  if (!ok) {
    OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
    return 0;
  }

  return 1;
}
360 
// int_dh_bn_cpy replaces |*dst| with a duplicate of |src|, or with NULL when
// |src| is NULL. The previous |*dst| is freed only once the duplicate exists,
// so on failure (return value zero) |*dst| is left as it was. Returns one on
// success.
static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) {
  BIGNUM *copy = (src != NULL) ? BN_dup(src) : NULL;
  if (src != NULL && copy == NULL) {
    // Duplication failed; keep the destination intact.
    return 0;
  }

  BN_free(*dst);
  *dst = copy;
  return 1;
}
375 
// int_dh_param_copy copies the parameters p and g, and optionally q, from
// |from| into |to|. |is_x942| selects whether q is copied: non-zero copies it,
// zero skips it, and -1 means "copy q iff |from| has one". Returns one on
// success and zero if any duplication fails; |to| may then be partially
// updated.
//
// NOTE(review): when q is not copied, an existing |to->q| is left in place
// rather than cleared. The caller visible in this file passes a freshly
// created DH -- verify any other caller does not rely on q being reset.
static int int_dh_param_copy(DH *to, const DH *from, int is_x942) {
  const int copy_q = (is_x942 == -1) ? (from->q != NULL) : is_x942;

  if (!int_dh_bn_cpy(&to->p, from->p)) {
    return 0;
  }
  if (!int_dh_bn_cpy(&to->g, from->g)) {
    return 0;
  }
  if (copy_q && !int_dh_bn_cpy(&to->q, from->q)) {
    return 0;
  }

  return 1;
}
395 
// DHparams_dup returns a newly allocated DH holding copies of the parameters
// of |dh| (p, g, and q when |dh| has one). The caller owns the result and
// releases it with |DH_free|. Returns NULL on allocation failure.
DH *DHparams_dup(const DH *dh) {
  // The smart pointer frees the partially built copy on the failure path.
  bssl::UniquePtr<DH> copy(DH_new());
  if (copy == nullptr || !int_dh_param_copy(copy.get(), dh, -1)) {
    return NULL;
  }

  return copy.release();
}
409